Lucentive Labs

Lucentive Labs · agent-tooling

Ferry

Beta

Use a secret in an agent's command without ever showing it the value.

Ferry is an agent-era secrets broker. It runs your command as a child process and injects declared secrets into that child's environment — the value reaches vercel/convex/curl but never touches Ferry's stdout, logs, the audit file, or the calling agent's transcript. You authorize a typed policy once (which secrets, from which backend, for which commands); no per-use biometric prompt, works headless. Even an echoed secret is redacted to [redacted:NAME]. Zero runtime dependencies — nothing but Node built-ins between your secret and the child.

Backends

Values come from where they already live

1Password

High

op(ref)

Team/prod secrets via the op CLI (op read <ref>).

Encrypted file

Medium

file(name)

Headless reuse. AES-256-GCM, scrypt key from FERRY_FILE_KEY.

Process env

Low

env(varName?)

Local dev; reads process.env / a local .env.

The guarantee

Usable by an agent, invisible to it

  • The value's only homes are the backend, the child process env, and Ferry's transient memory — never stdout, logs, the audit file, or the return value.
  • Child stdout and stderr share one boundary-safe redactor that replaces every occurrence of an injected value with [redacted:NAME] — across chunk boundaries and even when a value is split across the two streams.
  • A secret is injected only when the argv matches one of its allow globs; for every DECLARED secret Ferry owns its env var (name, env source, and broker keys), so a denied or excluded declared secret never leaks through the parent environment.
  • Every access appends one JSONL audit row { ts, secret, command, backend, decision } — a decision record, never a value.

Get started

ferry init → ferry run -- your command

Declare your secrets once, then prefix any command with ferry run --. MIT-licensed, zero runtime dependencies.